
Last update: Thu, 21 Dec 2017 2pm

 

Introducing – Tools for Cinema Quality Assurance


Cinema Test Tools for the non-Technical Manager – Post Installation Quality Assurance Has Begun

Cinema Test Tools is a free resource for the cinema industry, tuned most particularly for the non-technical manager. The tools include several DCPs, all with interesting means of testing sound and picture quality, for interested but lightly trained staff. The lessons on sound and light are written to provide a foundation for communicating with the technician, who must respond quickly and well to the information that they discover.

The key is a free Managers Walk Through Checklist that correlates with the many DCPs. It helps bring an understanding of the many nuances of the auditorium's situation in a straightforward way. 

The superior man, when resting in safety, does not forget that danger may come. When in a state of security he does not forget the possibility of ruin. When all is orderly, he does not forget that disorder may come. Thus his person is not endangered, and his States and all their clans are preserved. Confucius Chinese philosopher & reformer (551 BC - 479 BC)

Infected USB caused biggest US military breach ever

If a USB stick can invade the most secure network on the planet, should the dcinema business at least be interested?

ITPro reports that a top government official has revealed an infected USB was the cause of a major US military security breach.


Simple Great Passwords v Cracking Dictionaries For Rent

"Passwords are the softest security target and until people and organisations start adopting strong authentication in the form of, for instance, two-factor authentication this problem won’t go away" – Jason Hart, VP Security at CRYPTOCard.

The IT Pro article "Is your password really as secure as you think it is?" has some thoughts on how to create and encourage better passwords. The methods seem a bit tedious for normal computer users who have little on their computers to steal, but the logic of creating a method for all passwords and sticking to it is an important one to promote.

The overall topic is social engineering...and how the BlackHats are getting very clever at making tools to crack more elaborate passwords. 


Remote wiping technology Hard Disks

Toshiba has announced the launch of its wipe technology for self-encrypting hard disk drives. As a tool for DCinema, this isn't immediately interesting, but it adds a potential tool for future security.

According to Toshiba, Wipe for Toshiba Self-Encrypting Drive allows sensitive user data to be securely erased when a system is powered-down, or when a SED hard disk drive is removed from the system. The feature can also be used to securely erase user data prior to returning a leased system, system disposal or re-purposing.


!!! Browser Auto-Complete–All Vulnerable

This article takes a while to say that all browsers, except possibly Internet Explorer 8, are vulnerable to a simple attack that will cough up any data you have in your auto-complete file. That is, names, passwords, credit data. (Who keeps credit card data in auto-complete? Have you checked your auto-complete file recently?)

Read the article: Auto-complete: browsers disclose private data - Update

Comments on the original proof-of-concept site say some Mac OS X systems are giving up the data, yet some are not, even with Auto-Complete turned on.

Advice: Turn off Auto-Complete in all browsers until this is solved...regardless of what a pain in the ass this is. Oh, and don't go to those hacker sites.

Know How Androids Crack

There was news about older versions of the iPhone OS being maliciously cracked. Now comes news of Android in a worse situation.


Protecting Users Against This Kind of Attack: This attack takes advantage of the poor way that the Android GUI displays permission requests and of the fact that Google does not attempt to vet apps before they appear on the Android Market (and allows them to be distributed elsewhere as well). The best way to mitigate it is to educate users about the importance of examining and understanding all permission requests that an app presents, and to warn them that some permission requests may not be visible without scrolling down the list, before they decide whether to install the app or not. In particular, users should probably be advised not to install any application that asks for permission to change APN settings.


Security: Connect the Dots–Ongoing

The twin stars around which digital cinema revolves are quality and security. The first allows some leniency; for example, 3D cinema movie quality is only close to the specification required of 2D movies. But security is meant to be multi-layered and well beyond 'good enough'. From lens to lens, the expectation is that each player will do their part to contribute to a secure whole.

Fortunately, such security is part of a general industry effort that constantly looks for and responds to problems. Unfortunately, there is a lot of nuance that requires a professional eye to spot trends. In a field full of artists on very tight schedules and increasingly tight budgets, the art of security can take a lower priority if the ramifications are not known.


Subcategories

There are a lot of experts in security out there. What they write is often dry as a bone. But there are a few sites that stay on top of the events, and express themselves in ways that us mere mortals can comprehend.

Bruce Schneier - He wrote the books, he writes the newsletters, he has the blog. Top of the list for a reason. The link is to his monthly Crypto-Gram...subscribe now.

Hagai Bar-el - Information Security Specialist whose websites focus on security engineering and on managing innovation processes. Good source for definitions. There is also a blog and RSS feed.

Handbook of Applied Cryptology - All chapters are free to download. Get them off the cloud now.

We are putting millions of dollars of library materials into the hands of people trained to believe that MP3s and everything else should be free. We give them all the late hours unsupervised. What is wrong with this picture?

Security issues should always be taken seriously. Then again, so should consistent exercise and taking regular breaks from madness. Notwithstanding, here's the recent news in the field of security.

Security is mostly a superstition. It does not exist in nature.... Life is either a daring adventure or nothing.
~ Helen Keller (1880 - 1968), The Open Door (1957)